This is a new server and it came with openssl pre-installed. Through the limited information I could find on this, it points to being a server-side issue and is also probably unrelated to Unreal. But, since Unreal is all I'm using this server for, I was wondering if someone here might know what I can do to get SSL to work for Unreal?

I got in with hexchat via ssl. But weechat, bitchx and kvirc all give errors. Man, I need help on this big time. Been at it for two now. Wiping the drive, reinstalling the OS and software...all for a 20 minute set up routine. I was getting same thing on Inspircd. So I tried your Unreal. This is a nightmare! What can I do to help you help me?

In addition, a friend of mine just used Mibbit and irccloud and got on @ 6697. So some clients are accepting whatever's going on here, but the major clients like bitchx and weechat aren't.

That's three connections that used port 6697 and made it in via SSL. I don't understand. I mean, I just now used hexchat again and connected to port 6697 and I can see where I indeed connected and have a secure line. But running nmap again shows nothing's happening with that port.

By default nmap does not scan all ports (1-65535), only the "most common ports"; the "Not shown: 996 closed ports" is a small hint with regards to that. You have to use -p <portrange(s)> and then you'll see the port is open.
Anyway, off-topic. Let's get back to your issue:

Can you connect with those clients to other servers? In particular irc.unrealircd.org (6697 as usual).

1. What is your UnrealIRCd version?
2. What is your OpenSSL version? Preferably the OpenSSL version it shows at "./unrealircd start" (you can do that without restarting your servers, if it's already running it will simply spit out address already in use errors and not start).
3. What OS are you using? (eg: for Linux 'lsb_release -av')
4. Did you set anything in your set::ssl block? (Just checking, as using custom settings for ciphers and things like that can easily screw up clients).

Thanks for the version numbers. Nothing out of the ordinary there. A configuration used by many people, Debian 9 in particular.

I'm beginning to think my self-signed certificate is the problem. But damn! Wasn't ever like that before.

It is true that clients are becoming more strict with regards to self-signed certificates, yes. But I would say that would not explain a disconnect half-way through LUSERS, it should have disconnected in the SSL handshake phase (before you even see any IRC stuff), so that is what caught my attention. Also, I would expect the client to print out an error regarding the certificate then, which it didn't in your (first) paste.

You also said "weechat, bitchx and kvirc all give errors", but what errors are they giving?

If you are ok with it, you could post the IP of the server here so people can try to connect, see what happens.

Constructive criticism leads to evolution and progress. Negative criticism leads to obsolescence. We are not in the 90's IRC world anymore.
CertFP: d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244

What you post from weechat is indeed because of the certificate being self-signed. That can only be fixed by using a real certificate, with the correct name, etc. or by configuring your client to ignore such things. Naturally the first is preferred over the latter.

The kvirc error I do not know at this point.. I guess that was the original client you were referring to.

The server on irc.unrealircd.org uses more strict ciphers than standard, so it would be odd if you can connect to irc.unrealircd.org with kvirc but not to your own server. Then perhaps it too is related to the certificate, if so then the error should be more clear IMO. I would have tested with kvirc myself but I saw your message too late, got to go now.

SECURE256:-VERS-TLS-ALL:+VERS-TLS1.2 or SECURE256:-VERS-TLS-ALL:+VERS-TLS1.3 might be too high for your setup.

Again, client side PEBKAC.
I actually use these and related methods to prevent bot connections and irc clients that are pure garbage.
If a client cannot deal with a specific cypher, it will never connect.

You can also specify which cyphers to use on the server.

HeXiLeD, his problem is not due to TLS versions or ciphers as he said before he can connect fine to irc.unrealircd.org, which only permits TLSv1.2 and PFS ciphersuites at the moment. Saying his new wildcard cert would not help anything is incorrect too, as the weechat error he pasted was due to the self-signed certificate (well, and the hostname being incorrect).

MOD EDIT: I have deleted the posts from two users that did not help this user further and turned this into some kind of war thread

With Unreal 4.2.1 up and running, I saw yesterday where someone SSL connected with KVirc 4.9.3, same version as I use. They were there almost 10 minutes. But no matter how I switch the three settings on KVirc for SSL, I can't get it to work. No big deal. What's a big deal to me at this point is not being able to use BitchX or weechat. And while I'm sure everyone wld be able to connect using either of them, I can't. No one has a problem connecting except me. AND I HATE HEXCHAT! But that's all I seem to be able to use with SSL.

So, I see this no longer as an Unreal issue and will close this. It's evident that the problem's local to me. I appreciate your help, Syzop. There are a few things abt Unreal that I don't understand, but I'll open new tickets for them.

Glad to hear. And I'm probably the KVirc user you are referring to. I connected with the kvirc 4.9.3 package installed on Ubuntu 18.04, nothing special configured, just /server -s irc.xtremeirc.net 6697 from a brand new installation and indeed it worked. I disconnected myself after some time.

One small thing: with SSL/TLS and verifying certificates (if this is enabled, as is the default on some clients), there's a difference between connecting to irc.example.net and connecting to 1.2.3.4 (or 127.0.0.1). The latter will always fail standard certificate validation since it tries to validate the name, which it cannot do if you connect by IP address. So, just a small thing to consider.

Also, important: I think your kvirc problem may be entirely different (not to mention strange) than the problems you had with those other clients (which is about certificate validation).

UPDATE:
One last thing to add: I also tested with kvirc 4.9.3 connecting to UnrealIRCd on localhost on a SSL/TLS port. This worked fine for me, no strange connection reset like you had in your initial post. Also tried with an extra large motd. Nothing.

Anyway, like you said, this sounds more like a client issue than something with UnrealIRCd.

I'll close this thread since as you said you'll bring it up when you have something new and to discourage the other 2 users fighting here that are not helping you with the actual problem at hand.
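
The causes separated in this thread (self-signed certificate, wrong hostname, connecting by IP address, and TLS version or cipher negotiation) can be told apart from the client side. The following is an added example, not code from any poster or from UnrealIRCd; the function names `probe`, `explain` and `is_ip_literal` are made up for illustration, and the numeric codes are OpenSSL's X509_V_ERR_* values as reported by Python's `ssl` module.

```python
import ipaddress
import socket
import ssl
import sys

# OpenSSL X509_V_ERR_* codes, as found in SSLCertVerificationError.verify_code
VERIFY_CAUSES = {
    10: "certificate has expired",
    18: "self-signed certificate (nothing in the client's trust store vouches for it)",
    19: "self-signed certificate in the chain",
    20: "issuer not in the client's trust store (private CA or missing intermediate)",
    62: "certificate does not list the hostname the client connected to",
    64: "certificate does not list the IP address the client connected to",
}

def is_ip_literal(target):
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False

def explain(verify_code, target):
    cause = VERIFY_CAUSES.get(verify_code, f"other verification error {verify_code}")
    if verify_code == 64 or (verify_code == 62 and is_ip_literal(target)):
        cause += "; connect by the DNS name in the certificate instead of the IP"
    return cause

def probe(target, port=6697, timeout=10):
    """Return (verified, detail, tls_version, cipher) for one TLS endpoint."""
    strict = ssl.create_default_context()   # what a validating client does
    try:
        with socket.create_connection((target, port), timeout=timeout) as raw:
            with strict.wrap_socket(raw, server_hostname=target) as tls:
                return True, "certificate verified", tls.version(), tls.cipher()[0]
    except ssl.SSLCertVerificationError as err:
        detail = explain(err.verify_code, target)
    # Second pass without verification, for diagnosis only: if this handshake
    # completes, version and cipher negotiation work and the certificate is
    # the only obstacle.
    lax = ssl.create_default_context()
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    with socket.create_connection((target, port), timeout=timeout) as raw:
        with lax.wrap_socket(raw, server_hostname=target) as tls:
            return False, detail, tls.version(), tls.cipher()[0]

if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 6697))
```

OpenSSL reports one cause per attempt and checks the chain before the name, so a self-signed certificate with the wrong name shows up as code 18 first; the name mismatch only appears once the certificate chains to a trusted CA.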